Do Hackers and Spammers Get Away With It?

It may seem that the bad guys have free rein on the Internet. The flood of spam never seems to slow, and everyone knows someone who was hacked recently. Identity theft is rampant, and phishing scams continue, despite all the attention focused on this problem. Why can't the cops put these cyber criminals out of business once and for all?

Do Cyber-Criminals Ever Get Caught?

We often hear about phishing scams, where people are duped into giving up their online banking credentials, credit card info, or social security numbers. Sometimes these folks end up losing their life's savings. Hackers in dark corners of the Internet spread fake anti-virus software to trap unsuspecting users. Shady online pharmacies peddle useless counterfeit pills. And the spam just keeps rolling in.

It does seem that spammers and other online criminals operate without fear of getting caught. Can't the police, the legitimate security firms, the banks and other financial institutions involved track down the perpetrators? There has to be a money trail, or other electronic tools to trace these online evil doers, right?

Well, yes... sometimes the good guys do win. Oleg Nikolaenko is currently being held without bond on charges that he was responsible for sending one-third of the world's spam traffic - up to 10 billion unsolicited emails per day. He faces up to five years in prison. Albert Gonzalez, who masterminded the theft of 130 million credit card numbers, will spend the next 20 years in jail. And Sanford "Spamford" Wallace, one of the most notorious spammers of all, surrendered to the FBI last fall. It's almost certain he will see jail time, after being indicted by a federal grand jury for electronic mail fraud, intentional damage to a computer, and criminal contempt.

In the past year, some of most active botnets have been taken down by the diligent efforts of computer security firms and law enforcement cooperating across international borders. The Rustock botnet, and the Kelihos botnet, which controlled millions of infected PCs worldwide, have been neutralized. Microsoft and Kaspersky helped in these efforts, but the identity of the perpetrators remains unknown. But last November, the FBI raided two data centers in Chicago and New York, in coordination with police in Estonia who arrested several people who were operating the Esthost botnet. And in March 2010, the combined actions of Panda Security, authorities in Spain, and the FBI, led to the takedown of the Mariposa botnet and arrest of the kingpins behind it. Mariposa was the largest botnet to date, infecting over 12 millions computers.

A Slap On The Wrist?

And yet, the penalties seem slight compared to the magnitude of the crimes. That's one reason why cybercrime continues unabated. Even when cybercrooks are busted, they often get away with a slap on the wrist. Prison is an expensive punishment, and many prisons are overcrowded. So jail time is reserved for violent offenders and drug users, while so-called white collar criminals go free or get off easy.

Cybercrime often crosses national borders, which further complicates the investigation of crimes and apprehension of criminals. It's not uncommon for spammers and other cyber-criminals to use servers that are physically based in another country, usually one that does not cooperate with U.S. law enforcement. Russia and China are two hotbeds of rogue servers. And foreign governments are often reluctant to take action, when crimes by their citizens are committed in other countries.

Ironically, the same tools used by law-abiding tinfoil hat wearers to safeguard their privacy are also used by crooks to cover their tracks online. Proxy servers, virtual private networks, encryption, and other technologies make it difficult for law enforcement to identify cybercriminals and collect evidence.

The bad guys outnumber the good guys by a wide margin, too. Cybercrime is like the illegal drug trade. For every kingpin knocked down, there are several lower-level players waiting to take his place. The barriers to entry into cybercrime are very low. Basically, any kid with a little technical savvy can become a hacker or spammer.

After the Mariposa bust, investigators were surprised to learn that the operators of that botnet did not have advanced hacking skills. So there will always be cybercrooks among us. Some will be caught and punished, but the cybercrime problem is not likely to go away.

Bottom line, the law cannot always keep you safe from spammers and hackers. It's up to each of us to be on guard against spam, phishing, spyware, keyloggers, Trojans, rootkits, and all the other dangers thrown at us. Here are a few links where you can learn more about protecting your computer from these and other dangers:

Most recent comments on "Do Hackers and Spammers Get Away With It?"

Posted by:
JP
23 Feb 2012

For anybody who was affected by the DNS-Changer malware in 2011 and who doesn't know if that piece of malware was cleaned from the system, Avira has a free detect and repair tool available (for Windows) for download at:

The malware family of the DNS-changer manipulates the Windows network settings.

The DNS server entries are changed on the respective network adapter to achieve this. In the event of an infection, this will divert requests from web sites to malicious sites that are maintained by criminals.

The operators of those DNS servers have been arrested in November 2011 by the FBI and European law enforcement authorities. Additionally, the servers have been replaced with correctly working DNS-servers.

However, those servers will be shut down as of March 8th, 2012.

Computers that have been affected and did not apply the recommended changes within the settings, will not able to use the internet anymore, since the users are unable to dissolve domain names now without having access to the DNS.

Posted by:
Al S
23 Feb 2012

These guys steal millions and because it is expensive to house them they get a slap on the wrist. I suppose no one ever thought that they own property or made money with interest from their theft that they be given a long sentence and like in Mexico be forced to pay for their keep? The laws need to be changed, Bernie Madoff stolle Billions and still owns property.

Posted by:
Edmond Boko
24 Feb 2012

People, especially those of us who are not experts on the field of IT need regular advice and guidance of "how to do" to escape the traps of these bad guys who are coming up more and more in every country. The developed countries are doing their best to counteract these internet frauds but the under developed countries are still paying dearly due to lack of proper IT technologies. There should also be international laws against internet frauds etc. that should be applied in every country. In this case, I believe we need the cooperation of every government. Thank you.

I know first hand about the law letting these credit card theives go, they did everything online.They opened 4 credit cards, and wiped out my bank account.It was the same people that put up sheetrock in my house. I chased down the people here in Pensacola after they moved 5 times. The investigator in charge of the case said if we arrest everyone that is doing this we would not have enough room for the really bad criminals. I asked him if they did it to him where would they be? He said,"In my jail".

Posted by:
ABD
08 Mar 2012

Limiting spam is fine, but how about fraudulent and misleading ads? Do a google search and you'll find plenty of people really PO'd about lowermybills.com and some insurance site. LMB posts ads that say if you drive less than X miles/day, or if you take advantage of some new law, you can really save a bundle, click here to find out. But that only takes you to one screen, then to another and at each one you are asked for more information ("ONLY x MORE STEPS TO GO!") and at no time do they answer the question they said they would. People who gave their phone numbers, etc., say they have been harassed by many phone calls from different insurers and when they ask that it stop they are laughed at and told to go ask LMB.com.

The important thing here is, I think, the ad does not deliver what it said (it's not the only one of that type). It is fraudulent and misleading. Is there any policing? To whom does one report such things and does it do any good?

Post your Comments, Questions or Suggestions

* Name:
* Email:
(* = Required field)

(Your email address will not be published)

Comments: (you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.